Guidance

IT Assurance Services Guidance

The guidance set forth here gives the CPA direction and best practices for improving information quality and managing information risk, in support of independent, professional opinions that improve the quality of information given to management and other decision makers within an organization.

GTAG

GTAG 2: Change and Patch Management Controls: Critical for Organizational Success
Posted with permission by The Institute of Internal Auditors, this guide addresses the areas that are impacted by changes to the IT infrastructure. It also provides guidance on how to communicate to the board the risks and controls identified, and on helping the organization stay abreast of the continual changes in regulatory requirements.

GTAG 4: Management of IT Auditing
Posted with permission by The Institute of Internal Auditors, GTAG 4: Management of IT Auditing covers how to define IT strategy, evaluate IT-related risk, execute IT audits, and manage the IT audit function, and features some of the emerging issues affecting this area.

GTAG 8: Auditing Application Controls
GTAG 8 attempts to bridge the gap between internal auditors and technologists through this comprehensive guide that breaks down the various risks associated with application controls and how internal auditing can help to mitigate those risks.

GTAG 7: Information Technology Outsourcing
IT outsourcing is often defined as the use of service providers or vendors to create, maintain, or reengineer a company’s IT architecture and systems. Although this definition is deceptively simple, it encompasses a wide range of outsourcing activities.

GTAG 11: Developing the IT Audit Plan
As technology becomes more integral to the organization’s operations and activities, a major challenge for internal auditors is how to best approach a company-wide assessment of IT risks and controls within the scope of their overall assurance and consulting services.

GAIT Principles

The GAIT Principles
Each organization can use these principles in developing a more detailed process for defining the scope of their IT general controls.

Institute of Internal Auditors
The Institute of Internal Auditors (IIA) is an international professional association that offers certification, education, research, and technological guidance for internal auditors.

ISACA
ISACA is a global organization for information governance, control, security and audit professionals. It offers IS auditing and IS control standards.

Public Company Accounting Oversight Board
The PCAOB is a private-sector, non-profit corporation, created by the Sarbanes-Oxley Act of 2002, to oversee the auditors of public companies in order to protect the interests of investors and further the public interest in the preparation of informative, fair, and independent audit reports.